On Wednesday, at about 12:15 pm ET, 1.35 terabits per second of traffic hit private developers platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date–and it use an increasingly popular DDoS method , no botnet required.
GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and mailed the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off.
The scale of the attack has few parallels, but a massive DDoS that struck the internet infrastructure company Dyn in late 2016 comes close. That bombardment peaked at 1.2 Tbps and made connectivity issues across the US as Dyn fought to get the situation under control.
“We modeled our capacity based on fives periods the biggest assault that the internet has ever seen, ” Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack objective. “So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”